Show You Have What It Takes

Employers want proof you have the expertise they need. They want to see your information security certifications. They want to know you’re continually improving your skills to stay up on the latest threats and technology.

Certify your skills through (ISC)² — the global leader in information security certifications! (ISC)² certifications, such as the CISSP, are known as the gold standard of the industry.

Validate your expertise and prove you have what it takes to protect your organization with a globally recognized (ISC)2 certification.

World-Class Certifications: Discover Which Are Right for You

The most-esteemed cybersecurity certification in the world. The CISSP recognizes information security leaders who understand cybersecurity strategy, as well as hands-on implementation. It shows you have the knowledge and experience to design, develop and manage the overall security posture of an organization. Are you ready to prove you’re an expert?

Ideal for:

Experienced, high-achieving information security professionals

Why Pursue It:

Career game-changer: The CISSP can catapult your career, leading to more credibility, better opportunities, higher pay and more.

Ongoing growth and learning: You’ll expand your skills, knowledge and network of experts, so you can stay on the forefront of your craft.

A mighty challenge. You love to push yourself. You’ll feel complete exhilaration when you pass our rigorous exam and join this elite community.

Experience Required:

Candidates must have a minimum of five years cumulative, paid, full-time work experience in two or more of the eight domains of the CISSP Common Body of Knowledge (CBK).

A global IT security certification. The SSCP recognizes your hands-on, technical abilities and practical experience. It shows you have the skills to implement, monitor and administer IT infrastructure using information security policies and procedures — ensuring the confidentiality, integrity and availability of data.

Ideal for:

Practitioners in operational IT roles or in information security

Why Pursue It:

Respect. The SSCP certification validates your knowledge and experience. It’s a way to be taken more seriously. SSCPs have a voice in decisions, and their teams value their advice.

New career opportunities. The SSCP can spark career growth. It can lead to higher pay, promotions, more complex work, exciting challenges, project lead roles and even better jobs.

Growth and learning. The SSCP not only proves your knowledge, it helps you develop new skills you can instantly apply in your day-to-day work. And you’ll stay up-to-date on emerging security threats.

Experience Required:

Candidates must have a minimum of one year of cumulative work experience in one or more of the seven domains of the SSCP Common Body of Knowledge (CBK).

A one-year experience waiver will be granted for a candidate who received a degree (bachelors or masters) in a cybersecurity program.

The premier cloud security certification. Co-developed with Cloud Security Alliance (CSA). One of the hottest certifications on the market today. The CCSP recognizes IT and information security leaders who have the knowledge and competency to apply best practices to cloud security architecture, design, operations and service orchestration. It shows you’re on the forefront of cloud security.

Ideal for:

Experienced, high-achieving IT and information security professionals who work in and/or consult about cloud platforms

Why Pursue It:

Instant credibility: The CCSP positions you as an authority figure on cloud security. It’s a quick way to communicate your knowledge and earn trust from your clients or senior leadership.

Staying ahead: The CCSP can enhance your working knowledge of cloud security and keep you current on evolving technologies.

Versatility: You can use your knowledge across a variety of different cloud platforms. This not only makes you more marketable, it ensures you’re better equipped to protect sensitive data in a global environment.

Career advancement: The CCSP creates new opportunities — from being able to move into more strategic roles, to being able to add new consulting services to your business.

Experience Required:

Candidates must have a minimum of five years cumulative, paid, full-time work experience in information technology.

Three years must be in information security, and one year must be in one or more of the six domains of the CCSP Common Body of Knowledge (CBK).

Earning CSA’s CCSK certificate can be substituted for one year of experience in one or more of the six domains of the CCSP CBK.

Earning (ISC)²’s CISSP credential can be substituted for the entire CCSP experience requirement.

An information security certification aligning with the Risk Management Framework (RMF). The CAP recognizes your knowledge, skills and abilities to authorize and maintain information systems within the RMF. It proves you know how to formalize processes to assess risk and establish security documentation.

Ideal for:

IT, information security and information assurance practitioners and contractors who use the RMF in:

The U.S. federal government, such as the U.S. Department of State or the Department of Defense

The military

Civilian roles, such as federal contractors

Local governments

Private sector organizations

Why Pursue It:

Credibility and marketability. Earning the CAP is a powerful way to validate your knowledge. You’ll stand out and be more competitive.

Better opportunities. Holding the CAP certification makes you more versatile. It can help you move up and advance your career. And if you’re a contractor, it can lead to better choice in assignments.

Growth and learning. From exam prep to continuing education, the CAP offers many ways to expand your knowledge. You can stay up-to-date with new technologies and risks.

Experience Required:

Candidates must have a minimum of two years cumulative, paid, full-time work experience in one or more of the seven domains of the CAP Common Body of Knowledge (CBK).

A global, vendor-neutral certification to recognize those with leading software and application security skills. The CSSLP recognizes your expertise and ability to incorporate security practices — authentication, authorization and auditing — into each phase of the SDLC.

Ideal for:

IT professionals involved in the software development lifecycle (SDLC) — including developers, testers and project managers — who are responsible for security practices and resisting malicious hackers

Why Pursue It:

Instant credibility. The CSSLP proves you’re a subject matter expert in application security. It shows you have desirable skills for employers around the world, giving you more opportunities.

Relevant, new knowledge. Earning the CSSLP is a great way to expand your software security knowledge, in addition to affirming your expertise. It offers continuing education, so you can keep your skills current and relevant.

Versatile skills. The CSSLP isn’t product-specific, so you can easily apply your skills to different technologies and methodologies.

Experience Required:

Candidates must have a minimum of four years cumulative, paid, full-time SDLC professional experience in one or more of the eight domains of the CSSLP Common Body of Knowledge (CBK).

Earning a four-year college degree or regional equivalent will waive one year of the required experience.

A global healthcare security certification. It bridges healthcare information security and privacy like no other certification! The HCISPP recognizes your knowledge and ability to successfully implement, manage or assess security and privacy controls for healthcare and patient information. It proves you have a strong foundation in healthcare risk, security and privacy, and you understand important healthcare regulations.

Ideal for:

Practitioners and consultants in healthcare information security and privacy who are responsible for guarding protected health information

Why Pursue It:

Credibility. The HCISPP shows you know best practices and have practical expertise in healthcare information security and privacy. It sets you apart, improving your authority and appeal.

Growth and learning. From exam prep to continuing education, the HCISPP offers many ways to expand your knowledge and stay current with healthcare security and privacy. (High-demand skills!)

Candidates must have a minimum of two years of cumulative, paid, full-time work experience in one or more knowledge areas of the HCISPP Common Body of Knowledge (CBK) that includes security, compliance and privacy.

Legal experience may be substituted for compliance.

Information management experience may be substituted for privacy.

Of the two years of experience, one of those years must be in the healthcare industry.

Elite, specialized credentials that build upon the CISSP. These are optional pursuits for CISSPs who wish to prove their subject matter mastery. The CISSP Concentrations recognize your evolving expertise in information security architecture, engineering or management. As a CISSP-ISSAP, you prove your expertise developing, designing and analyzing security solutions. You also excel at giving risk-based guidance to senior management in order to meet organizational goals.

Ideal for:

CISSPs in good standing. You’re a life-long learner who wants to go beyond the CISSP and challenge yourself in a specialized area.

Why Pursue It:

A demonstration of excellence. You want to stand out from your fellow CISSPs. A concentration proves you have an elite level of knowledge and expertise.

New opportunities. A CISSP Concentration opens doors: from new career paths and jobs, to more exciting work.

Growth and learning. This is an opportunity to dive deep and hone your craft. You’ll find new ways to grow and stay on the forefront of information security. And earning your concentration is a big challenge.

Experience Required:

To qualify for the CISSP-ISSAP, you must be a CISSP in good standing and have two years cumulative, paid, full-time work experience in one or more of the six domains of the CISSP-ISSAP Common Body of Knowledge (CBK).

Elite, specialized credentials that build upon the CISSP. These are optional pursuits for CISSPs who wish to prove their subject matter mastery. The CISSP Concentrations recognize your evolving expertise in information security architecture, engineering or management. As a CISSP-ISSEP, you show your keen ability to practically apply systems engineering principles and processes to develop secure systems.

Ideal for:

CISSPs in good standing. You’re a life-long learner who wants to go beyond the CISSP and challenge yourself in a specialized area.

Why Pursue It:

A demonstration of excellence. You want to stand out from your fellow CISSPs. A concentration proves you have an elite level of knowledge and expertise.

New opportunities. A CISSP Concentration opens doors: from new career paths and jobs, to more exciting work.

Growth and learning. This is an opportunity to dive deep and hone your craft. You’ll find new ways to grow and stay on the forefront of information security. And earning your concentration is a big challenge.

Experience Required:

To qualify for the CISSP-ISSEP, you must be a CISSP in good standing and have two years cumulative, paid, full-time work experience in one or more of the five domains of the CISSP-ISSEP CBK.

Elite, specialized credentials that build upon the CISSP. These are optional pursuits for CISSPs who wish to prove their subject matter mastery. The CISSP Concentrations recognize your evolving expertise in information security architecture, engineering or management. As a CISSP-ISSMP, you excel at establishing, presenting and governing information security programs. You also demonstrate deep management and leadership skills.

Ideal for:

CISSPs in good standing. You’re a life-long learner who wants to go beyond the CISSP and challenge yourself in a specialized area.

Why Pursue It:

A demonstration of excellence. You want to stand out from your fellow CISSPs. A concentration proves you have an elite level of knowledge and expertise.

New opportunities. A CISSP Concentration opens doors: from new career paths and jobs, to more exciting work.

Growth and learning. This is an opportunity to dive deep and hone your craft. You’ll find new ways to grow and stay on the forefront of information security. And earning your concentration is a big challenge.

Experience Required:

To qualify for the CISSP-ISSMP, you must be a CISSP in good standing and have two years cumulative, paid, full-time work experience in one or more of the six domains of the CISSP-ISSMP CBK.

Aspiring information security and IT professionals who love a challenge, want to be smart about their career paths and don’t have the experience needed for full certification yet.

Why Pursue It:

Competitive advantage. In passing a rigorous (ISC)² certification exam, you increase your credibility with employers and stand out from your peers.

Command over your career. You take control of your future.

An amazing, global community. You instantly become a member of the elite (ISC)² community. And you gain access to all our networking and professional development resources, so you can advance your career.

Experience Required:

You can take an (ISC)² certification exam without the minimum work experience.

If you pass, you need to meet your continuing professional education (CPE) requirements, while you work to get the experience needed to certify as a CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP or CCFP.

Why Certify? Become a Better Version of Yourself

Differentiate yourself from other candidates for desirable job openings.

Validate the knowledge and skills you’ve gained through all your years of hard work.

Gain entry into (ISC)² membership. It’s a unique community of thought leaders in cybersecurity, so you can collaborate and hone your craft.

Get insider access to peer networking, mentoring, educational tools and global resources. You can grow and challenge yourself. (ISC)² is on the forefront of helping professionals — like you — learn, certify and grow throughout their careers.

Gain the power, education and networking system to face security threats head on.

Plus, our information security certifications may lead to higher pay and promotions. (It depends on your country and employer.)

Social Media

All contents of this site constitute the property of (ISC)², Inc. and may not be copied, reproduced or distributed without prior written permission. (ISC)², CISSP, SSCP, CCSP, CAP, CSSLP, HCISPP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered certification marks of (ISC)², Inc.